7.8

CVE-2018-7480

The blkcg_init_queue function in block/blk-cgroup.c in the Linux kernel before 4.11 allows local users to cause a denial of service (double free) or possibly have unspecified other impact by triggering a creation failure.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 4.1.41 < 4.1.51
LinuxLinux Kernel Version >= 4.3 < 4.4.123
LinuxLinux Kernel Version >= 4.5 < 4.9.89
LinuxLinux Kernel Version >= 4.10 < 4.11
CanonicalUbuntu Linux Version14.04 SwEditionlts
CanonicalUbuntu Linux Version16.04 SwEditionlts
DebianDebian Linux Version9.0
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.36% 0.272
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 7.2 3.9 10
AV:L/AC:L/Au:N/C:C/I:C/A:C
CWE-415 Double Free

The product calls free() twice on the same memory address.

https://usn.ubuntu.com/3654-1/
Third Party Advisory
https://usn.ubuntu.com/3654-2/
Third Party Advisory
https://usn.ubuntu.com/3656-1/
Third Party Advisory
https://www.debian.org/security/2018/dsa-4188
Third Party Advisory
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9b54d816e00425c3a517514e0d677bb3cec49258
Patch
Vendor Advisory
https://github.com/torvalds/linux/commit/9b54d816e00425c3a517514e0d677bb3cec49258
Patch
Vendor Advisory